Fedora Users — Re: Lost all network connectivity after clean FC3 install

Salvatore Indiogine wrote:

--- Paul Howarth <paul@xxxxxxxxxxxx> ha scritto:

$ dig @68.112.12.36 www.cnn.com
connection timed out; no servers could be reached
If this works on the machine connected to the cable modem then it suggests

This is actually on the client PC (FC1
eth0=192.168.0.50/255.255.255.0 GW=192.168.0.1)
connected with a crossover cable to the eth1 of the
FC3 PC connected to the cable modem.

On 192.168.0.1 I get:

dig @68.112.12.36 www.cnn.com

; <<>> DiG 9.2.4 <<>> @68.112.12.36 www.cnn.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
53693
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 4,
ADDITIONAL: 0

;; QUESTION SECTION:
;www.cnn.com.                   IN      A

;; ANSWER SECTION:
www.cnn.com.            88      IN      CNAME  cnn.com.
cnn.com.                88      IN      A      64.236.16.116
cnn.com.                88      IN      A      64.236.24.4
cnn.com.                88      IN      A      64.236.24.12
cnn.com.                88      IN      A      64.236.24.20
cnn.com.                88      IN      A      64.236.24.28
cnn.com.                88      IN      A      64.236.16.20
cnn.com.                88      IN      A      64.236.16.52
cnn.com.                88      IN      A      64.236.16.84

;; AUTHORITY SECTION:
cnn.com.                452     IN      NS     twdns-01.ns.aol.com.
cnn.com.                452     IN      NS     twdns-02.ns.aol.com.
cnn.com.                452     IN      NS     twdns-03.ns.aol.com.
cnn.com.                452     IN      NS     twdns-04.ns.aol.com.

;; Query time: 73 msec
;; SERVER: 68.112.12.36#53(68.112.12.36)
;; WHEN: Thu Dec  9 11:25:29 2004
;; MSG SIZE  rcvd: 270


That looks OK, which again points the finger at the packet forwarding.

that your packet forwarding rules are broken. What's
the output of:
# iptables -n -L
on the machine connected to the cable modem?


iptables -n -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpts:6881:6889
RH-Firewall-1-INPUT  all  --  0.0.0.0/0           0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0           0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0       icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251     udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0       udp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0       state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0       state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0       reject-with icmp-host-prohibited

Interesting; the first rule in the RH-Firewall-1-INPUT chain would appear to be accepting any packet, thus rendering the remaining rules irrelevant. However, I'm not an iptables expert and I don't use Red Hat's firewall utility, so maybe I'm misinterpreting that.

What do you get from:

# iptables -L -n -t nat

Paul.